The bigger picture review and Rails security reading list #12

Let’s start with an article that describes how someone took over locked Instagram accounts by changing an ID. That’s interesting because I discovered something similar in another app very recently. I think this is why it’s important to regularly review the bigger picture. In this case, that means asking: „What if someone skips a few steps of the ‘locking-an-account‘ workflow and just changes an ID?“.
And now for (not so) completely different articles:

How to inspect the magic bytes of images to fix some problems with the branded vulnerability ImageTragick.


You think you’re copying an innocent command in the browser, but it’s evil.

Harden Firefox security settings

OS X Security and Privacy Guide

 A practical guide to securing OS X.

How to store secrets in a git repository

The Origins of the <Blink> Tag

This is not related to security, but from the history book. The origins of the <blink> tag: Someone was drunk

Like this kind of articles?

Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.

Unsubscribe at any time. Powered by ConvertKit